SSAE - 18
SSAE 18 is a defined set of improvements aimed to increase or inflate the usefulness and quality of SOC reports. SSAE 18 has now superseded SSAE 16 in terms of established guidelines. Companies will be required to take more authority and claim ownership of their internal security controls as per the new standard changes. These changes also mention that identifying and classifying potential risks and appropriate risk management are integral for third-party vendor relationships. While these changes are not overly burdensome for organizations, they will definitely help lessen the void in key areas that industry professionals noted while evaluating some service organizations’ reports.
Clients and prospects use the SSAE 18 standard to pursue a SOC 1 report.